Bugtraq: RE: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

RE: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.

From: Benjamin Franz <snowhare () nihongo org>
Date: Wed, 16 Feb 2005 15:55:09 -0800 (PST)


On Wed, 16 Feb 2005, David Schwartz wrote:


Correct. And the browser vendors gain trust because they only include
reputable CAs.


Ummm.

No.

'They' (to a good first order approximation: 'Microsoft') are 'trusted'because 'they' own 90% of the browser market following the abuse of adesktop OS monopoly to force their applications competition out of themarket.


Defaults are power.

--
Benjamin Franz

"All right, where is the answer? The battle of wits has begun.
It ends when you click and we both serve pages - and find out who is right,
and who is slashdotted." - David Brandt

By Date By Thread

Current thread:

Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., (continued)